Aggregates CVE and security vulnerability intelligence across all ctan-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk buffer overflow and vendor risk memory corruption, with potential vendor impact application crash and vendor impact memory corruption across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-40446 | An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script | [email protected] | 9.8 | 0.13% | 2025-04-22 | 2025-06-23 |
| CVE-2024-40445 | A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths. | [email protected] | 7.3 | 0.07% | 2025-04-22 | 2025-06-23 |
| CVE-2023-51890 | An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL. | [email protected] | 7.5 | 0.45% | 2024-01-24 | 2025-06-17 |
| CVE-2023-51889 | Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL. | [email protected] | 9.8 | 2.95% | 2024-01-24 | 2025-06-16 |
| CVE-2023-51888 | Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL. | [email protected] | 7.5 | 0.88% | 2024-01-24 | 2024-11-21 |
| CVE-2023-51887 | Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL. | [email protected] | 9.8 | 3.18% | 2024-01-24 | 2025-06-20 |
| CVE-2023-51886 | Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \convertpath. | [email protected] | 7.5 | 0.67% | 2024-01-24 | 2025-05-30 |
| CVE-2023-51885 | Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component. | [email protected] | 9.8 | 2.95% | 2024-01-24 | 2025-05-30 |